BlackICE allows local user to become system

If you look at Task Manager you will note that blackd.exe is running as SYSTEM. After some toying with the GUI we discovered a buffer overflow in the packetLog functionality. The overflow can be triggered with the following .ini options. A 217-character log prefix makes the BlackICE blackd crash with EIP and ECX both overwritten with user-supplied data. We simply run the BlackICE exploit that we prepared for the above condition. Source: http://www.secnetops.com/research . I am including a text file in the details, which you can also get from the above-mentioned link, but you have to become a member. Enjoy and patch your BlackICE, if possible.

Nice find but.... You'll need admin privileges to gain access to the .ini, right? I mean, can a "normal" user account edit this .ini file? Someone who already has admin rights can gain SYSTEM in a lot simpler ways.

Maybe the GUI is also vulnerable to a Shatter attack? Then a normal user would be able to gain SYSTEM, making it infinitely more dangerous.

Oliver's Law:
Experience is something you don't get until just after you need it.

That's scary, SirDice....... but that's a good question... is the GUI vulnerable to such a Shatter attack?......

Hmmm......Sounds like a good project....I've been terribly bored lately!

Windows 9x: n. A collection of 32-bit extensions and a graphical shell for a 16-bit patch to an 8-bit operating system originally coded for a 4-bit microprocessor. Written by a 2-bit company that can't stand 1 bit of competition.

Ya, that's what I like about Open Source, and I agree. You should expect more of these companies; however, I do follow the notion that there is a vulnerability in about every computer system/program known to man... but they should go through their source beforehand and while their product is out, and patch it themselves..